Have audit-users.py write out serialized data
This allows us to "query" the datastructure for different perspectives without needing to rerun the costly queries each time we update audit-uses.py. The script is predominantly collecting data now, then we can use the python repl or other scripts to give us better insights. We also do a small refactoring to simplify the collection of data. Change-Id: Ie777ae706050b38ce294a1acf9b1b843fcf5ab41
This commit is contained in:
parent
40471d7ec0
commit
7ee556ca44
@ -35,6 +35,7 @@ import datetime
|
||||
import json
|
||||
import getpass
|
||||
import requests
|
||||
import yaml
|
||||
|
||||
TIME_FORMAT = '%Y-%m-%d %H:%M:%S.%f'
|
||||
TODAY = datetime.datetime.now()
|
||||
@ -127,6 +128,34 @@ def check_recent_changes(account_id, account_info, auth):
|
||||
else:
|
||||
account_info['recent_review'] = None
|
||||
|
||||
def gather_user_info(account_id, user, auth):
|
||||
detail = get_account_detail(account_id, auth)
|
||||
if 'registered_on' in detail:
|
||||
user[account_id]['registered_on'] = detail['registered_on']
|
||||
if 'username' in detail:
|
||||
user[account_id]['username'] = detail['username']
|
||||
sshkeys = get_account_sshkeys(account_id, auth)
|
||||
if sshkeys:
|
||||
user[account_id]['sshkeys'] = True
|
||||
eids = get_account_externalids(account_id, auth)
|
||||
for eid in eids:
|
||||
# We only care about login.ubuntu urls now
|
||||
if 'login.ubuntu' in eid['identity']:
|
||||
r = requests.head(eid['identity'])
|
||||
if r.status_code == 200:
|
||||
# If there is an openid and it is valid we add it
|
||||
# to the list of valid openids
|
||||
user[account_id]['openids'].append(eid['identity'])
|
||||
else:
|
||||
user[account_id]['invalid_openids'].append(eid['identity'])
|
||||
|
||||
check_recent_changes(account_id, user[account_id], auth)
|
||||
|
||||
if user[account_id]['recently_used']:
|
||||
user['recently_used'].append(account_id)
|
||||
else:
|
||||
user['nonrecently_used'].append(account_id)
|
||||
|
||||
def get_user_activity(users, auth=None):
|
||||
for email in users.keys():
|
||||
users[email]['active'] = []
|
||||
@ -148,62 +177,21 @@ def get_user_activity(users, auth=None):
|
||||
'active': True,
|
||||
'username': None,
|
||||
'sshkeys': None,
|
||||
'openids': []}
|
||||
'openids': [],
|
||||
'invalid_openids': []}
|
||||
users[email]['active'].append(account_id)
|
||||
gather_user_info(account_id, users[email], auth)
|
||||
|
||||
detail = get_account_detail(account_id, auth)
|
||||
if 'username' in detail:
|
||||
users[email][account_id]['username'] = detail['username']
|
||||
sshkeys = get_account_sshkeys(account_id, auth)
|
||||
if sshkeys:
|
||||
users[email][account_id]['sshkeys'] = True
|
||||
eids = get_account_externalids(account_id, auth)
|
||||
for eid in eids:
|
||||
# We only care about login.ubuntu urls now
|
||||
if 'login.ubuntu' in eid['identity']:
|
||||
r = requests.head(eid['identity'])
|
||||
if r.status_code == 200:
|
||||
# If there is an openid and it is valid we add it
|
||||
# to the list of valid openids
|
||||
users[email][account_id]['openids'].append(eid['identity'])
|
||||
|
||||
check_recent_changes(account_id, users[email][account_id], auth)
|
||||
|
||||
if users[email][account_id]['recently_used']:
|
||||
users[email]['recently_used'].append(account_id)
|
||||
else:
|
||||
users[email]['nonrecently_used'].append(account_id)
|
||||
for account in inactive_j:
|
||||
account_id = str(account['_account_id'])
|
||||
users[email][account_id] = {'recently_used': False,
|
||||
'active': False,
|
||||
'username': None,
|
||||
'sshkeys': None,
|
||||
'openids': []}
|
||||
'openids': [],
|
||||
'invalid_openids': []}
|
||||
users[email]['inactive'].append(account_id)
|
||||
|
||||
detail = get_account_detail(account_id, auth)
|
||||
if 'username' in detail:
|
||||
users[email][account_id]['username'] = detail['username']
|
||||
sshkeys = get_account_sshkeys(account_id, auth)
|
||||
if sshkeys:
|
||||
users[email][account_id]['sshkeys'] = True
|
||||
eids = get_account_externalids(account_id, auth)
|
||||
for eid in eids:
|
||||
# We only care about login.ubuntu urls now
|
||||
if 'login.ubuntu' in eid['identity']:
|
||||
r = requests.head(eid['identity'])
|
||||
if r.status_code == 200:
|
||||
# If there is an openid and it is valid we add it
|
||||
# to the list of valid openids
|
||||
users[email][account_id]['openids'].append(eid['identity'])
|
||||
|
||||
check_recent_changes(account_id, users[email][account_id], auth)
|
||||
|
||||
if users[email][account_id]['recently_used']:
|
||||
users[email]['recently_used'].append(account_id)
|
||||
else:
|
||||
users[email]['nonrecently_used'].append(account_id)
|
||||
gather_user_info(account_id, users[email], auth)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
@ -216,6 +204,9 @@ if __name__ == '__main__':
|
||||
|
||||
users = read_email_list()
|
||||
get_user_activity(users, auth=auth)
|
||||
with open('audit-results.yaml', 'w') as f:
|
||||
yaml.dump(users, default_flow_style=False, explicit_start=True,
|
||||
indent=4, stream=f)
|
||||
|
||||
# TODO there are probably better ways to present this data.
|
||||
print()
|
||||
|
Loading…
Reference in New Issue
Block a user